Fallon Technology Jobs

mobile fallon logo

Job Information

Fallon Health Director, Information Security, Risk and Compliance - Growing Health Care Org! in Worcester, Massachusetts


We may consider a remote work arrangement for someone in our time zone and with the right blend of expereince.

About Fallon Health

Founded in 1977, Fallon Health is a leading health care services organization that supports the diverse and changing needs of those we serve. In addition to offering innovative health insurance solutions and a variety of Medicaid and Medicare products, we excel in creating unique health care programs and services that provide coordinated, integrated care for seniors and individuals with complex health needs. Fallon has consistently ranked among the nation’s top health plans, and is accredited by the National Committee for Quality Assurance for its HMO, Medicare Advantage and Medicaid products. For more information, visit fallonhealth.org.

Brief Summary of Purpose:

The Information Security and Risk role provides direct oversight of The Information Technology Information security and risk program. He/She is directly responsible for the day to day management of the program and ongoing program maturity. This included policy development, Information Security training, Incident management, vendor onboarding and overall security posture and IT control environment for the Enterprise. The Information Security and Risk leader supports the Information Security Officer, Privacy Officer, and Chief Compliance Officer.


  • Reporting to the ISO, this role will drive the development, implementation and monitoring of a comprehensive enterprise information security and IT risk management program

  • Promotes and drives risk awareness, management, and governance corporate-wide as it relates to technology related operational risks

  • Leads teams of IT security and risk professionals in support of organizational risk goals and objectives to drive clarity as to potential areas of material technology risk.

  • Lead the identification, reporting, and response to information security incidents

  • Develop KPIs for measuring and improving the effectiveness of the overall information security program

  • Coordinates and participates in audits, vulnerability testing, and compliance reviews representing information technology functions in support of security, audit, and risk needs

  • Reviews, analyzes and makes recommendations regarding the design and implementation of the operational risk management framework as applicable and required for technology risk

  • Stays current in technology specific operational risk management techniques, industry best practices, and regulatory requirements.

  • Develops and refines the program to ensure a sound approach to understanding the technology risk appetite and posture with supporting metrics, assessment results and other data input as needed

  • Develops methodologies and practices to refine the technology risk framework that drives risk-aware, transparent decision making.

  • Matures the risk based metrics, scorecards and dashboards to track performance as well as identify and monitor trends across the organization.

  • Prepares risk analysis documentation and participates with coordinated reporting as requested

  • Prepares IT-related business continuity and disaster recovery documentation and participates with coordinated reporting as requested

  • Prepares IT-related business impact analysis documentation and participates with coordinated reporting as requested

  • Provide oversight for Vendor onboarding process and vendor security posture assessment

  • Acts as a liaison for the department, maintaining effective and professional relationships with information technology, information security, Purchasing, Contracting, Business Continuity



Bachelor’s degree in Information Technology field


CISSP, GCIA, or CISA required


  • 8-12 years’ Information security management and program maturity experience with a proven ability to engage with Senior Management and regulators.

  • More than 10 years' experience in the IT risk management, IT controls and Audit related activities within the financial or insurance industry.

  • Working knowledge of and experience with NIST CSF, NIST SP 800-53, HIPAA, HI Trust, SOC1 / SOC2

  • Working knowledge of technical infrastructure, networks, business applications and systems in relation to IT Security and Risk.

  • Excellent written and verbal communication skills including Senior management or executive level presentation material development experience

  • Proficiency with IT Risk Management best practices

  • Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives.

  • Proven leadership style that includes exceptional people skills, program management, business and technology expertise

  • Excellent organizational skills, coupled with ability to be versatile and flexible

  • Demonstrated sound business judgment and ability to work successfully with all levels of management

  • Demonstrated creativity and the ability to produce innovative solutions.

  • Demonstrated ability to work independently and lead a team

  • Excellent PC skills (MS Word, PowerPoint, Publisher, Excel and VISIO)

  • Process/Quality Management discipline (Six Sigma, etc.) desirable

Fallon Health provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.


Location US-MA-Worcester

Posted Date 3 months ago (10/7/2020 7:05 PM)

Job ID 6093

# Positions 1

Category Information Technology